[TheRecord] Senate committee advances major cybersecurity legislation

The Senate Homeland Security Committee on Wednesday advanced two bills aimed at boosting the U.S. government’s insight into cyberattacks on critical infrastructure operators and the private sector, as well as federal agencies.

The committee approved by voice vote the Cyber Incident Reporting Act, which would give critical infrastructure owners and operators up to 72 hours to report hacks and 24 hours to divulge ransom payments. The bill differs from one introduced earlier this year by the Senate Intelligence Committee that proposed a 24-hour window.

The Senate Homeland legislation mirrors a bipartisan measure from the House Homeland Security Committee that was attached to that chamber’s annual defense policy bill as an amendment.

The Senate bill, which was released last month by Chair Gary Peters (D-Mich.) and Ranking Member Rob Portman (R-Ohio), also took on ransomware by requiring organizations, including businesses with more than 50 employees, nonprofits, and state and local governments, to notify CISA if they make a ransom payment.

The committee rejected an amendment by Sen. Rick Scott (R-Fla.) that would limit the scope of ransom payment reporting to critical infrastructure operators. Many GOP members voiced concern that the mandate would prove burdensome to smaller businesses.

Peters said the 50-person threshold was not “carved in stone” and expressed support for an amendment from Portman that would raise it to somewhere between 200 and 500 personnel, a proposal embraced by some Republicans, like Sen. Mitt Romney (Utah).

The committee later adopted Portman’s amendment but didn’t provide an exact figure before adjourning. Lawmakers also adopted by voice vote a Portman amendment that would, among other things, exempt religious organizations from having to report ransom payments.

In addition, the panel okayed legislation from Peters and Portman that would update the 2014 Federal System Incident Response Act, require federal civilian agencies to report breaches to CISA and OMB, and include new authorities that make CISA the lead agency on cybersecurity incidents affecting federal civilian agency networks.

The measure comes in response to a recent review by the Senate committee on digital defenses within the federal government that found many key agencies lack good cyber hygiene.

Peters said he hoped to hitch the incident reporting legislation to the Senate version of the defense policy roadmap.

The post Senate committee advances major cybersecurity legislation appeared first on The Record by Recorded Future.
